Bigger risks warrant greater levels of network security and this is where firewalls come into the picture.
What is a firewall?
A firewall is a piece of security hardware or software designed to monitor traffic across your network.
Any IT network will have several points where internal systems communicate with external servers and systems. This might be your email exchange, your website, a cloud service or similar.
A firewall will protect these and other access points on your network, ensuring that they are not exposed to unwanted third parties.
Types of protection
Broadly, there are three types of firewall. Each approaches security in a slightly different way and are therefore suitable to differing sized networks:
Packet filters – A packet filter firewall reviews incoming and outgoing data ‘packets’ to determine whether they are safe to access (or leave) a network. It will compare packets to pre-established criteria such as IP addresses, packet type, port number and so on to the determine safe movement of data. This stops unauthorised access to a network or server or the removal of data from a network. While fine for small networks, the complexity of larger networks makes packet filter firewalls less efficient and secure.
Stateful inspection – Working on a deeper network level, stateful inspection firewalls use a similar principle to packet filter firewalls along with a ‘memory’ of the beginning and endpoints of packet journeys. This means should a potentially safe-looking packet come from an unexpected location (wrong port, IP address etc.) it can be blocked. This can stop forms of malware and virus software.
Stateful inspection is ideal for SME and mid-market organisations. However, this type of firewall is less good at handling complex attempts at access. It also won’t stop distributed denial of service (DDoS) attacks, where the sheer number of requests on the firewall overwhelm it and cause your website or network to crash. This is a problem faced by major companies or those with a strong or contentious public persona.
Proxy/application layer – The most secure type of firewall, known interchangeably as a proxy or application layer, is a response to the growing sophistication of attacks. More than just inspecting packets and their journeys, proxy layer firewalls will scan the applications or services underlying packets. This type of firewall understands how particular applications or protocols are supposed to behave. If anything out of the ordinary is detected, the packet or action is blocked. Web application firewalls will specifically protect against DDoS attacks using this principle, blocking traffic either based on the command protocols it’s running or based on traffic with out-of-the-ordinary IP addresses (eg. global traffic to a local UK website).
Why do you need a firewall?
A firewall is the first line of defence for a network, regulating access to your systems.
Certain business systems provide an obvious entry point to your network. Your website as one example needs to ‘talk’ to other external servers to allow users to access your website. This means having certain communication ports open on your network to accept the exchange of data.
However, you don’t want that communication to allow 3rd parties to access all parts of your website or other information held on that server. A firewall ensures that only the front-facing part of your website is accessible and not, for example, website form completes or placed orders.
It’s the same principle for the rest of your network as well. Hackers will try to gain access to your network either through open ports or by delivering malicious software designed to break into your systems through a legitimate means (email, downloads etc).
A firewall will not only prevent this data from entering your systems, but it can actively stop users from visiting websites that may introduce threats to your network, such as compromised websites or those with unsuitable content.
With the scale of threats out there, every organisation should have a firewall to protect their network. While anti-virus can detect threats ‘inside the walls’ of your network, a firewall will stop them getting in there in the first place.
For more information on firewalls and protecting your business’ network, please get in touch: